Haven't We Met Before? Using Recent Bug-Fixes to Find New Vulnerabilities.
For a large, robust codebase that has been subjected to regular scanning by commercial and/or open-source scanning tools, there can be difficulties in locating new bugs, particularly in a short time frame.
It's possible to find new vulnerabilities that are missed by traditional code scanning tools by looking at the format and structure of previously identified vulnerable code and using a suitable scanner (Weggli) to find repeated undiscovered instances of similar bugs.
This is particularly suitable for patterns that are spread across multiple lines and those that might be missed by standard scanners.
Cyber Threats' detections and investigations in Azure
As cyberattacks increase day by day, every organization needs to be secure enough to fight against them. Being proactive is the recommended approach: if you don't log and monitor anything at all, your organization will have blind spots, and that will make it incredibly hard for both security and IR teams.
In this session, you will learn how to monitor every activity that occurs within your organization in order to find unusual user activities, sensitive information accesses, unwanted configuration changes, privileged access assignments, etc.
Then you will understand how you could become a forensic investigator by working through various Microsoft portals and collecting the appropriate details to identify the start of the attack, the affected areas, and more.
To finish, you will see how Microsoft Security Copilot could help you respond to threats faster.
Attacking and Defending Kubernetes Clusters
In this comprehensive workshop, participants will delve into the world of Kubernetes cluster security. Through a combination of theoretical knowledge and hands-on practical scenarios observed during real-life security assessments of K8S clusters for enterprises, attendees will gain a deep understanding of both attacking and defending Kubernetes clusters. This workshop is beginner level and tailored for anyone who wants to get into DevOps, for system administrators and security professionals, and for anyone who wishes to enhance their skills in securing Kubernetes environments.
Prerequisites for the workshop: basic understanding of application security fundamentals, a laptop with administrative rights (to install the necessary tools), VirtualBox/Workstation (more may be added in the future).
Registration of attendees and socializing.
COSMICENERGY: The Renaissance of Threats to Operational Technology
Daniel Kapellmann Zafra
For the last ten years we have seen a fast-evolving operational technology (OT) security community learning about cyber-physical attacks and how to defend critical infrastructure against them. However, since the beginning of the conflict in Ukraine, we have seen quite a twist in the OT threat landscape. A renaissance or breakthrough period of innovation is making threats to cyber-physical systems more streamlined and common than ever before.
During the conflict, we have observed the intensification of threat activity coming from different fronts, including criminals, hacktivists, and nation-states. Such activity has resulted in a quick turnaround in the development of malware and capabilities to target OT systems. In this talk, I will provide an overview of the evolution of OT threats, focusing primarily on the new capabilities we have observed since the eve of the invasion of Ukraine.
Panel - The Cyber Security Landscape
How to pentest industrial systems (OT/ICS) and still live to tell the tale!
Industrial control systems (ICS) and operational technology (OT) environments are critical components of modern industries such as manufacturing, energy, transportation, and healthcare.
Many myths surround the security models of industrial systems (OT/ICS): how insecure they are (true) and how no one can pentest them in a safe way (not so true).
The presentation will also include a primer on industrial penetration testing methodologies and exploitation techniques targeting industrial protocols and systems (vulnerability assessment and penetration testing of SCADA systems).
The takeaway for the participants will be a clear and new understanding of the current security challenges within critical infrastructure sectors (energy, water, transportation, etc.).
SOAR in Cyber Security
SOAR combines three software capabilities: the management of threats and vulnerabilities, responding to security incidents, and automating security operations. The purpose of this session is to understand what SOAR is, what the difference between SOAR and SIEM is, and why SOAR is used in a SOC.
All quiet on the Western front, your first 100 days as a CISO
The aim of the session is to present the role of the CISO and (hopefully in an entertaining way) share the known and less known aspects of its mission, its role towards the business and other stakeholders, required skills and recommended training and education, how to handle the first 100 days, but also aspects to check out before saying yes to the mission. For dramatic effect, light analogies to warfare may be included for a better audience experience.
SIEM Slam: Tricking Modern SIEMs with Fake Logs and Confusing Blue Teams
Our research has uncovered a sneaky tactic that attackers use to outsmart modern Security Information and Event Management (SIEM) tools, such as Splunk.
By creating and injecting fake logs, attackers can divert the attention of blue teams and conceal their real attacks. In this study, we explore this devious approach and provide an in-depth analysis of how it can be used to deceive security operations.
Encrypting buckets for compliance and ransom - How Attackers Can Use KMS to Ransomware S3 Buckets
A successful ransomware attack is the culmination of numerous steps by a determined attacker: gaining initial access to the victim’s environment, identifying sensitive data, exfiltrating sensitive data, encrypting original data, etc.
This talk will outline how an attacker can abuse the principle of least privilege on KMS keys to encrypt the data in its target's buckets, making them inaccessible. This talk will also show how a defender can protect against or detect these attacks, rendering them useless.
Cyber Kill Chain from the Eyes of the Red and Blue team
TTPs used by Red Teamers and what Blue Teamers can do to detect or prevent them. This talk provides a structured approach to understanding what Red Teamers and Blue Teamers do, or can do, in each phase of the Cyber Kill Chain. I will start with an intro on why this framework was needed and then walk through each phase of the Cyber Kill Chain, giving examples of offensive techniques used by Red Teamers and the detection or prevention mechanisms Blue Teamers can use.
Cyber Threat Hunting Guide: Techniques, Models, Tools, Benefits
Cybercriminals are growing cleverer than ever before, making cyber threat hunting a crucial component of network, endpoint, and data security measures. If a sophisticated external attacker or insider threat is able to circumvent basic network protection mechanisms, they may go unnoticed for weeks. To minimize the consequences of security breaches, it is crucial to detect them as soon as feasible. Security professionals can no longer afford to wait for automated cyber threat detection systems to alert them of an approaching attack.
Unveiling Hidden Threats - 0-Days, Impact, and Implications
Explore the thrilling world of zero-day hunting as we uncover hidden vulnerabilities. This talk dives into the anatomy of zero-days, cutting-edge techniques, and responsible disclosure practices. Gain practical insights, real-world case studies, and a thorough understanding of the risks and benefits of zero-day vulnerabilities. Enhance your vulnerability disclosure prowess and navigate cyberspace effectively.
Secure Coding - SecDevOps vs DevSecOps
This session will focus on one of the biggest challenges in today's information technology security, secure coding, along with the advantages and disadvantages of two known methodologies, SecDevOps and DevSecOps. Taking into consideration that almost everything technology-wise is fundamentally built upon code, securing the product development process at every step is critically important. This being said, I will focus on best practices for both security and development to make this process work with a Dev+Sec+Ops methodology.
Blockchains are known to be huge repositories of public data. But what can we find there and what can it be used for?
This talk aims to answer these questions and to show the value of knowing how to explore blockchains for both forensics and bug hunting.
The amount of data contained in some blockchains sometimes makes research and processing complicated. Between transaction analysis, scripting and mathematics, we will see how to efficiently extract the most interesting data from public blockchains.
For both Red and Blue audiences.
Creating a Resilient Red Team Infrastructure using Terraform
As organizations continue to strengthen their security defenses, red teamers are facing increasingly difficult challenges in performing successful assessments. Building a resilient infrastructure that can withstand detection and disruption has become a top priority for red teamers. In this presentation, I will share my insights on how to create a resilient red team infrastructure using Terraform.
Throughout the presentation, we will discuss different approaches to challenges I faced during red team engagements and how I designed a cloud infrastructure to serve phishing scenarios, C&C traffic as well as a file storage server. And the best part: I can destroy it and rebuild a fresh new one in a matter of SECONDS!